SSL Handshake failed with rest API

mourad_bilog · wrote on 6 Oct 2021, 11:58

Hello everyone,
Since last Thursday, I'm encontering an SSL Handskae failed when I'm consuming my API.
I'm not using any SSL certificate with then NetworkAccessManager object. Below my source code

QEventLoop eventLoop;
  QNetworkAccessManager networkManager;
	if (!m_networkProxy.hostName().isEmpty())
		networkManager.setProxy(m_networkProxy);

	qDebug() << QString("%1/getUserToken?username=%2").arg(m_sServerURL, m_strSerialLic); //TheriaqueSuivi/

	QObject::connect(&networkManager, SIGNAL(finished(QNetworkReply*)), &eventLoop, SLOT(quit()));
    QNetworkRequest networkRequest( QUrl( QString("%1/getUserToken?username=%2").arg(m_sServerURL, m_strSerialLic) ) );
	
    QNetworkReply *networkReply = networkManager.get(networkRequest);
    eventLoop.exec();
 
	QString strResponse = (QString)networkReply->readAll();

    QJsonDocument jsonResponse = QJsonDocument::fromJson(strResponse.toUtf8());
    QJsonValue valErrorCode = jsonResponse.object().value(ERROR_CODE);
    QJsonValue valResult = jsonResponse.object().value(RES_MSG);

    if ((networkReply->error() != QNetworkReply::NoError) || (valErrorCode.toInt() != 1000))
        qDebug() << networkReply->errorString() << valResult.toString() << networkReply->error();
        
        emit networkError( networkReply->error() );

		delete networkReply;
    }

I've seen this issue but despite adding the below source, the error is still here.

	QString pemCert = QApplication::applicationDirPath() + "/"+"isrgrootx1.pem";

#if QT_VERSION >= QT_VERSION_CHECK(5, 15, 0)
	QSslConfiguration::defaultConfiguration().addCaCertificates(pemCert);
#else
    QSslSocket::addDefaultCaCertificates(pemCert);
#endif

	QSslConfiguration SslConfiguration(QSslConfiguration::defaultConfiguration());

	QList<QSslCertificate> caList = SslConfiguration.caCertificates();

	caList.append(QSslCertificate::fromPath(pemCert.toLocal8Bit())); //Root CA

	SslConfiguration.setCaCertificates(caList);

	SslConfiguration.setLocalCertificate(QSslCertificate(pemCert.toLocal8Bit()));

	SslConfiguration.setProtocol(QSsl::SslV3);

	SslConfiguration.setPeerVerifyMode(QSslSocket::VerifyPeer);

	networkRequest.setSslConfiguration(SslConfiguration);

Can anyone tell me what I'm wrong and what to do to fix the problem because it impacts my clients.
Regards

SGaist · wrote on 6 Oct 2021, 19:10

Hi,

Any chances that your API uses a Let's Encrypt certificate ?

mourad_bilog · wrote on 7 Oct 2021, 10:12

Hello
As you can see, I'm not using any certificate to consume the API. In server side, we use a LetsEncryt certficate to use HTTPS protocol. The certificate is up to date after the LetsEncrypt update on 30/09/21.

Adding a certificate on the client side doesn't resolve the problem. For test, we have tried to consume the API from a Java client and it works fine. So, the problem is from the application.

SGaist · wrote on 7 Oct 2021, 19:06

I am wondering whether you are having the same issue discussed here.

mourad_bilog · wrote on 19 Oct 2021, 09:06

Hello,

Thanks for the link. It helped me.
But, in my case, I've used the solution given here and the problem was fixed.

Regards.